On Mon, 13 Nov 2000, Torsten Duwe wrote:
>
> --- linux/kernel/kmod.c.orig Tue Sep 26 01:18:55 2000
> +++ linux/kernel/kmod.c Mon Nov 13 16:57:02 2000
> @@ -168,6 +168,22 @@
> static atomic_t kmod_concurrent = ATOMIC_INIT(0);
> #define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */
> static int kmod_loop_msg;
> + const char * p;
> +
> + /* For security reasons ensure the requested name consists
> + * only of allowed characters. Especially whitespace and
> + * shell metacharacters might confuse modprobe.
> + */
> + for (p = module_name; *p; p++)
> + {
> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z')
> + continue;
> + if (*p >= '0' && *p <= '9')
> + continue;
> + if (*p == '_' || *p == '-')
> + continue;
> + return -EINVAL;
> + }
>
Just in case... Some modules have uppercase letters too :)
-- Francis Galiegue, fg@mandrakesoft.com "Programming is a race between programmers, who try and make more and more idiot-proof software, and universe, which produces more and more remarkable idiots. Until now, universe leads the race" -- R. Cook- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:24 EST